May 24, 2017 Published ~ 2 years ago.

Trump's proposed budget looks halfway decent. No doubt it's time to cut into the "free ride" garbage a bit. I would like to see reduced military spending but overall it looks solid. I like how it attempts to balance the monster that is the Federal Budget. Despite what the whiny "spendaholics" say, it's not too shabby looking. It's time to STOP wasting money and spending money the Govt does NOT have. Enough. It screws over everyone in the long run, liberal or conservative.

May 24, 2017 Published ~ 2 years ago.

Video games can make us feel large and powerful, but they also have the ability to make us very small, granting us a unique perspective on everyday life. Here’s to the games and multiplayer maps that turn us into tiny people in a big, big world.

May 24, 2017 Published ~ 2 years ago.

With the global and debilitating WannaCry ransomware attack dominating the news in recent weeks, it’s increasingly necessary to have a serious policy debate about disclosure and patching of vulnerabilities in hardware and software.

Although WannaCry takes advantage of a complex and collective failure in protecting key computer systems, it’s relevant to ask what the government’s role should be when it learns about new vulnerabilities. At EFF, we’ve been pushing for more transparency around the decisions the government makes to retain vulnerabilities and exploit them for “offensive purposes.”

Now, some members of Congress are taking steps towards addressing these decisions with the proposal of the Protecting Our Ability to Counter Hacking—or PATCH—Act (S.1157). The bill, introduced last week by Sens. Ron Johnson, Cory Gardner, and Brian Schatz and Reps. Blake Farenthold and Ted Lieu, is aimed at strengthening the government’s existing process for deciding whether to disclose previously unknown technological vulnerabilities it finds and uses, called the “Vulnerabilities Equities Process” (VEP).

The PATCH Act seeks to do that by establishing a board of government representatives from the intelligence community as well as more defensive-minded agencies like the Departments of Homeland Security and Commerce. The bill tasks the board with creating a new process to review and, in some cases, disclose vulnerabilities the government learns about.

The PATCH Act is a good first step in shedding some light on the VEP, but, as currently written, it has some shortcomings that would make it ineffective in stopping the kind of security failures that ultimately lead to events like the WannaCry ransomware attack. If lawmakers really want to deal with the dangers of the government holding on to vulnerabilities, the VEP must apply to classified vulnerabilities that have been leaked.

The VEP was established in 2010 by the Obama administration and was intended to require government agencies to collectively weigh the costs and benefits of disclosing these vulnerabilities to outside parties like software vendors instead of holding onto them to use for spying and law enforcement purposes.

Unfortunately, after EFF fought a long FOIA battle to obtain a copy of the written VEP policy document, we’ve learned that it went largely unused. In the meantime, agencies like the NSA and CSA suffered major thefts of their often incredibly powerful tools. In particular, the 2016 Shadow Brokers leak enabled outsiders to later develop the WannaCry ransomware using an NSA tool that the agency likened to “fishing with dynamite.”

Lawmakers should be commended for trying to codify and expand the existing process to ensure that the government is adequately considering these risks, and the PATCH Act is a welcome first step.

But there are two areas in particular where it needs to go further.

First, as described above, the current bill seems to overlook situations where the government loses control of vulnerabilities that it has decided to retain. As we’ve seen with the Shadow Brokers leaks, this is a very real possibility, one which even kept the NSA up at night, according to the Washington Post. Yet the PATCH Act specifically states that a classified vulnerability will not be considered “publicly known” if it has been “inappropriately released to the public.” That means that a stolen NSA tool can be circulating widely among third parties without triggering any sort of mandatory reconsideration of disclosure to a vendor to issue a patch. While it might be argued that other provisions of the bill implicitly account for this scenario, we’d like to see it addressed explicitly.

In addition to overlooking situations like the WannaCry ransomware attack, the bill excludes cases where the government never actually acquires information about a vulnerability and instead contracts with a third-party for a “black box exploit.”

For example, in the San Bernardino case, the FBI reportedly paid a contractor a large sum of money to unlock an iPhone without ever learning details of how the exploit worked. Right now, the government apparently believes it can contract around the VEP in this way. This raises concerns about the government’s ability to adequately assess the risks of using these vulnerabilities, which is why a report written by former members of the National Security Council recommended prohibiting non-disclosure agreements with third-parties entirely. At the very least, we’d like to see the bill bring more transparency to the use of vulnerabilities even when the government itself doesn’t acquire knowledge of the vulnerability.

We hope to see the bill’s authors address these concerns as it moves forward to ensure that all of the vulnerabilities known to the government are reviewed and, where appropriate, disclosed.

May 24, 2017 Published ~ 2 years ago.

A favorite camera among business people and Twitch streamers alike is on sale today at Amazon for a really great price. The online retailer has the Logitech C920 webcam on sale for $50. That’s the lowest price we’ve seen over the webcam’s lifespan and currently about $12 cheaper than other retailers.

The sale is scheduled to last until just before midnight Thursday morning or when supplies run out.

Despite being around for years, the Logitech C920 is still a popular choice–even with the release of Logitech’s C922 and 4K-friendly Brio 4K Pro. That staying power owes to the device’s quality. It has 1080p video capture, and you can run at 1080p during Skype for Windows calls and through broadcast apps like OBS. (That’s despite Logitech only stating official 1080p support within Skype for Windows.)

May 24, 2017 Published ~ 2 years ago.

Cancer treatments are becoming more personal. The Food and Drug Administration recently gave accelerated approval for Keytruda, a pre-existing drug from Merck, for use on patients diagnosed with solid tumors containing a specific biomarker. Rather th…